10607021

Monitoring Usage of an Application to Identify Characteristics and Trigger Security Control

Published: March 31, 2020
Assignee: not available in USPTO data we have
Technical Abstract

Patent Claims
20 claims

Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.

Claim 1

Original Legal Text

1. A computing environment for monitoring usage of an application to identify characteristics and trigger security control, the computing environment comprising: an originating system having a computing platform having a memory and at least one processor in communication with the memory; a plurality of networked communication channels each configured to communicate one or more of a plurality of instructions for interacting with one or more control systems and one or more downstream resources in response to calling of an originating application by the originating system; and an application system in operative communication with the originating system and the plurality of networked communication channels and for providing automatic application characteristic identification and triggering security control, and comprising a computing platform having a memory and at least one processor in communication with the memory, the memory comprising computer-executable instructions, that when executed cause the processor to: perform a query configured to identify any application calls performed in a predetermined period of time within the computing environment; for each identified application call, build a corresponding application characteristics entry in a database; for each identified application call, identify a plurality of characteristics of the called application including at least one downstream resource; associate the identified plurality of characteristics of the called application with the application characteristics entry in the database, thereby creating an application mapping; identify one or more security controls associated with each of the applications in the application mapping; associate the identified one or more security controls with the associated application characteristics entry in the application mapping; and automatically trigger assessment of an effectiveness of the one or more security controls in response to identifying a future application call.

Plain English Translation

This invention relates to a computing environment designed to monitor application usage, identify application characteristics, and trigger security controls based on detected behavior. The system addresses the challenge of dynamically assessing and enforcing security measures in response to application interactions within a networked computing environment. The computing environment includes an originating system with a computing platform that executes an originating application. Multiple networked communication channels facilitate interactions between the originating system, control systems, and downstream resources. An application system, connected to the originating system and communication channels, performs automatic application characteristic identification and security control triggering. The application system queries the environment to detect application calls made within a specified timeframe. For each detected call, it builds an entry in a database, capturing characteristics of the called application, including downstream resources. These characteristics are mapped to the application entry, creating an application mapping. The system then identifies security controls associated with each application in the mapping and links them to the corresponding database entry. When a future application call is detected, the system automatically assesses the effectiveness of the associated security controls, ensuring proactive security management. This approach enhances security by dynamically monitoring application behavior and enforcing controls based on real-time usage patterns.
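A minimal sketch of the claim 1 pipeline (windowed query, application mapping, control association, assessment on a later call), added here for illustration and not taken from the patent. The record fields, control names, catalog and effectiveness checks are all assumptions, and the call log is constructed sample data.

```python
from datetime import datetime, timedelta

# Constructed call records (not from the patent); field names are assumptions.
CALL_LOG = [
    {"ts": datetime(2020, 3, 30, 9, 0), "app": "payroll-api", "origin": "hr-portal",
     "channel": "https", "downstream": ["payroll-db"]},
    {"ts": datetime(2020, 3, 30, 9, 5), "app": "payroll-api", "origin": "batch-01",
     "channel": "https", "downstream": ["payroll-db", "bank-gateway"]},
    {"ts": datetime(2020, 3, 30, 9, 7), "app": "wiki", "origin": "hr-portal",
     "channel": "http", "downstream": []},
    {"ts": datetime(2020, 3, 1, 8, 0), "app": "legacy-ftp", "origin": "batch-01",
     "channel": "ftp", "downstream": ["file-share"]},  # older than the query window
]

# Hypothetical control catalog: controls attach to a downstream resource or an app.
CONTROLS_BY_RESOURCE = {"payroll-db": ["db-access-review"],
                        "bank-gateway": ["mfa", "tls"]}
CONTROLS_BY_APP = {"wiki": ["tls"]}

# Hypothetical effectiveness checks, one per control, evaluated against one call.
CHECKS = {
    "tls": lambda call: call["channel"] == "https",
    "mfa": lambda call: call.get("mfa", False),
    "db-access-review": lambda call: call["origin"] in {"hr-portal", "batch-01"},
}


def query_calls(log, end, period):
    """Identify application calls performed in the predetermined period."""
    start = end - period
    return [c for c in log if start <= c["ts"] <= end]


def build_mapping(calls):
    """One characteristics entry per called application, merged across calls."""
    mapping = {}
    for c in calls:
        entry = mapping.setdefault(c["app"], {"origins": set(), "channels": set(),
                                              "downstream": set(), "controls": set()})
        entry["origins"].add(c["origin"])
        entry["channels"].add(c["channel"])
        entry["downstream"].update(c["downstream"])
    return mapping


def associate_controls(mapping):
    """Attach the controls that apply to each app and to its downstream resources."""
    for app, entry in mapping.items():
        entry["controls"].update(CONTROLS_BY_APP.get(app, []))
        for resource in entry["downstream"]:
            entry["controls"].update(CONTROLS_BY_RESOURCE.get(resource, []))
    return mapping


def assess_future_call(call, mapping):
    """On a later call, run the check for every control tied to the app's entry.

    An app with no entry has no associated controls to assess; it is reported as
    unmapped so a later periodic query (claim 2) can add its entry.
    """
    entry = mapping.get(call["app"])
    if entry is None:
        return {"app": call["app"], "mapped": False, "results": {}}
    results = {name: CHECKS[name](call) for name in sorted(entry["controls"])}
    return {"app": call["app"], "mapped": True, "results": results}


def failing_controls(assessment):
    """Controls judged ineffective for this call (candidates for reporting)."""
    return [name for name, ok in assessment["results"].items() if not ok]


if __name__ == "__main__":
    window_end = datetime(2020, 3, 31)
    mapping = associate_controls(
        build_mapping(query_calls(CALL_LOG, window_end, timedelta(days=7))))
    later = {"ts": datetime(2020, 4, 1, 10, 0), "app": "payroll-api",
             "origin": "batch-01", "channel": "https", "downstream": ["bank-gateway"]}
    report = assess_future_call(later, mapping)
    print(report, failing_controls(report))
```

Because controls are inherited from every downstream resource recorded for the application, the later call is assessed against `mfa` even though only one earlier call touched `bank-gateway`.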

Claim 2

Original Legal Text

2. The computing environment of claim 1, wherein the computer-executable instructions, when executed further cause the processor to: periodically perform subsequent queries; and add an additional application characteristics entry in the application mapping of the database.

Plain English Translation

The invention relates to a computing environment that monitors and manages application characteristics in a database. The system addresses the challenge of dynamically tracking and updating application attributes to improve system performance, security, or resource allocation. The environment includes a processor and a database storing an application mapping that associates applications with their respective characteristics. The processor executes instructions to periodically query the system for application data, analyze the results, and update the database with new or modified application characteristics. This ensures the application mapping remains current, enabling the system to adapt to changes in application behavior, dependencies, or configurations. The periodic queries and updates allow the system to maintain accurate and up-to-date information, which can be used for tasks such as application management, security monitoring, or performance optimization. The invention improves upon static application mappings by continuously refining the database to reflect real-time or near-real-time application states. This dynamic approach enhances system responsiveness and reliability in environments where applications frequently change or evolve.

Claim 3

Original Legal Text

3. The computing environment of claim 1, wherein the computer-executable instructions, when executed further cause the processor to: automatically initiate a reporting transmission to one or more administrative systems, wherein the reporting transmission comprises information related to the assessment.

Plain English Translation

The invention relates to computing environments designed to monitor and assess system performance, security, or operational metrics. The core system includes a processor executing instructions to collect data from various sources within the computing environment, analyze the data to generate assessments, and take automated actions based on those assessments. These actions may include generating alerts, modifying system configurations, or triggering remediation processes. The invention further includes a feature where the system automatically sends a reporting transmission to one or more administrative systems. This transmission contains detailed information about the assessments performed, such as performance metrics, security vulnerabilities, or operational anomalies. The reporting transmission ensures that administrators or centralized monitoring systems receive timely and relevant data, enabling proactive management and decision-making. The system may also include mechanisms to customize the reporting content, frequency, or recipients based on predefined rules or administrative preferences. This automated reporting enhances visibility into system health and facilitates efficient troubleshooting and compliance tracking.

Claim 4

Original Legal Text

4. The computing environment of claim 1, wherein the computer-executable instructions, when executed further cause the processor to: initiate presentation of an administrative dashboard comprising: information related to the assessment access management controls; and exposure-application mapping information.

Plain English Translation

This invention relates to computing environments that manage access to sensitive data or applications, addressing the challenge of ensuring proper security controls while providing visibility into access risks. The system includes a processor and computer-executable instructions that, when executed, perform several functions. These functions include assessing access management controls to determine if they meet predefined security criteria, identifying exposure risks based on access patterns, and generating alerts when potential security vulnerabilities are detected. The system also maps applications to their respective exposure risks, allowing administrators to understand which applications are most vulnerable. A key feature is the presentation of an administrative dashboard that consolidates this information. The dashboard displays details about the assessment of access management controls, including whether they comply with security policies. Additionally, it provides exposure-application mapping information, showing which applications are associated with high-risk access scenarios. This helps administrators prioritize security improvements and monitor compliance. The system enhances security by automating risk detection and providing actionable insights through a centralized interface.

Claim 5

Original Legal Text

5. The computing environment of claim 1, wherein the computer-executable instructions, when executed further cause the processor to: transmit instructions to two or more disparate control systems requesting information related to at least two different security controls associated with the future application call, wherein at least one of the two different security controls are managed by each of the two or more control systems; receive responses from the two or more control systems; and communicate information from the responses to an administrative system.

Plain English Translation

This invention relates to a computing environment that enhances security control coordination for application calls. The system addresses the challenge of managing multiple security controls across disparate control systems, ensuring that security policies are consistently enforced before an application call is executed. The computing environment includes a processor and computer-executable instructions that, when executed, perform several key functions. First, the system transmits instructions to two or more separate control systems, requesting information about at least two different security controls associated with an upcoming application call. Each of these control systems manages at least one of the security controls. The system then receives responses from these control systems, which may include status updates, policy compliance data, or other relevant security information. Finally, the system communicates the aggregated information from these responses to an administrative system, enabling centralized monitoring and decision-making. This approach ensures that security controls are properly evaluated and enforced before the application call proceeds, reducing the risk of unauthorized access or policy violations. The system improves security coordination by integrating disparate control systems into a unified framework, streamlining the enforcement of security policies across different domains.

Claim 6

Original Legal Text

6. The computing environment of claim 1, wherein the computer-executable instructions, when executed further cause the processor to: initiate communication of information related to the assessment to one or more control owners associated with the one or more security controls.

Plain English Translation

This invention relates to cybersecurity risk assessment and control management in computing environments. The problem addressed is the need for efficient communication of security assessment results to control owners responsible for implementing and maintaining security controls. In a computing environment, security controls are measures designed to protect systems and data from threats. Assessing these controls involves evaluating their effectiveness and identifying vulnerabilities. A key challenge is ensuring that assessment findings are promptly and accurately conveyed to the relevant control owners so they can take corrective actions. The invention provides a system that performs security assessments and automatically communicates the results to the appropriate control owners. The system includes a processor executing computer-executable instructions to assess security controls within the computing environment. After evaluating the controls, the system generates an assessment that includes details about the controls' effectiveness, vulnerabilities, and recommended actions. The system then identifies the control owners—individuals or teams responsible for each security control—and initiates communication of the assessment information to them. This communication may include notifications, reports, or alerts delivered through various channels such as email, messaging platforms, or dashboards. By automating this process, the system ensures timely dissemination of critical security information, reducing response times and improving overall security posture. The invention enhances accountability and efficiency in managing security controls by directly linking assessment results to the responsible parties.

Claim 7

Original Legal Text

7. The computing environment of claim 1, wherein the computer-executable instructions, when executed further cause the processor to: in response to the assessment, automatically initiate remedial actions.

Plain English Translation

This invention relates to computing environments designed to automatically assess and respond to system conditions or events. The system includes a processor and computer-executable instructions that, when executed, monitor the computing environment for predefined conditions or events. Upon detecting such conditions, the system performs an assessment to determine the appropriate response. Based on this assessment, the system automatically initiates remedial actions to address the detected issue. These remedial actions may include system adjustments, notifications, or other corrective measures to maintain or restore optimal operation. The system is configured to handle various types of conditions, such as performance degradation, security threats, or resource shortages, and can adapt its responses based on the severity or nature of the detected issue. The automated assessment and response process reduces the need for manual intervention, improving system reliability and efficiency. The invention is particularly useful in environments where real-time monitoring and rapid response are critical, such as data centers, cloud computing platforms, or enterprise networks.

Claim 8

Original Legal Text

8. A method for monitoring usage of an application to identify characteristics and trigger security control, the method comprising: performing, by an application system, a query configured to identify any application calls performed in a predetermined period of time within the computing environment; for each identified application call, building, by the application system, a corresponding application characteristics entry in a database; for each identified application call, identifying, by the application system, a plurality of characteristics of the called application; associating, by the application system, the identified plurality of characteristics of the called application with the application characteristics entry in the database, thereby creating an application mapping; identifying, by the application system, one or more security controls associated with each of the applications in the application mapping; associating, by the application system, the identified one or more security controls with the associated application characteristics entry in the application mapping; and automatically triggering assessment, by the application system, of an effectiveness of the one or more security controls in response to identifying a future application call.

Plain English Translation

The invention relates to application usage monitoring and security control assessment in computing environments. It addresses the challenge of dynamically identifying application characteristics and ensuring the effectiveness of associated security controls. The method involves querying an application system to detect all application calls made within a specified timeframe. For each detected call, the system builds a corresponding entry in a database, capturing multiple characteristics of the called application, such as its behavior, permissions, or dependencies. These characteristics are linked to the database entry, creating a mapping of applications and their traits. The system then identifies security controls tied to each application in the mapping, associating these controls with the relevant database entries. When a future application call is detected, the system automatically assesses whether the linked security controls are functioning effectively. This approach enables real-time monitoring of application usage and proactive evaluation of security measures, enhancing system protection against potential threats. The method ensures continuous alignment between application behavior and security policies, reducing vulnerabilities.

Claim 9

Original Legal Text

9. The method of claim 8, further comprising: periodically performing subsequent queries; and adding an additional application characteristics entry in the application mapping of the database.

Plain English Translation

This invention relates to a system for dynamically mapping application characteristics to database entries. The problem addressed is the need to efficiently track and update application-specific data in a database as applications evolve over time. The method involves initially querying an application to extract its characteristics, such as configuration settings, dependencies, or performance metrics. These characteristics are then stored in a structured database mapping, linking them to the corresponding application. To ensure the database remains current, the method includes periodically performing subsequent queries to detect changes in the application's characteristics. When changes are identified, an additional entry is added to the application mapping in the database, preserving historical data while updating the latest state. This allows for continuous monitoring and analysis of application behavior over time. The system may also include a user interface for viewing or modifying the stored application characteristics, ensuring flexibility in how the data is utilized. The periodic updates and structured storage enable accurate tracking of application evolution, supporting tasks like troubleshooting, performance optimization, and compliance monitoring.

Claim 10

Original Legal Text

10. The method of claim 8, further comprising: automatically initiating a reporting transmission to one or more administrative systems, wherein the reporting transmission comprises information related to the assessment.

Plain English Translation

A system and method for automated assessment and reporting in a networked environment addresses the challenge of efficiently monitoring and evaluating system performance, security, or operational metrics without manual intervention. The invention involves a process where an assessment is conducted on a target system or network, analyzing data to determine compliance, security vulnerabilities, performance metrics, or other relevant parameters. The assessment may include real-time monitoring, periodic evaluations, or event-triggered checks, depending on the configuration. Once the assessment is completed, the system automatically generates a detailed report containing the findings, including identified issues, performance metrics, compliance status, or security risks. This report is then transmitted to one or more administrative systems, which may include centralized monitoring platforms, security operations centers, or management consoles. The reporting transmission ensures that relevant stakeholders receive timely and actionable insights, enabling proactive decision-making and remediation. The system may also support customizable reporting formats, encryption for secure transmission, and integration with existing enterprise systems to streamline workflows. By automating the assessment and reporting process, the invention reduces manual effort, improves response times, and enhances overall system reliability and security.

Claim 11

Original Legal Text

11. The method of claim 8, further comprising: initiating presentation of an administrative dashboard comprising: information related to the assessment access management controls; and exposure-application mapping information.

Plain English Translation

A system and method for managing access to security assessments and tracking exposure applications. The technology addresses the challenge of securely controlling access to sensitive security assessment data while providing visibility into how applications are exposed to potential vulnerabilities. The method involves generating an assessment access management control that defines permissions for accessing security assessments, such as read, write, or delete privileges. These controls are then applied to restrict or grant access to the assessments based on user roles or other criteria. Additionally, the system maps exposure applications to their respective security assessments, allowing administrators to track which applications are associated with specific vulnerabilities or risks. An administrative dashboard is provided to display information about the access management controls and the exposure-application mapping. This dashboard enables administrators to monitor and manage access permissions, ensuring that only authorized users can view or modify assessment data. The system also allows for the generation of reports summarizing access activities and exposure mappings, aiding in compliance and risk management. The solution enhances security by enforcing granular access controls while providing transparency into application exposures.

Claim 12

Original Legal Text

12. The method of claim 8, further comprising: transmitting instructions to two or more disparate control systems requesting information related to at least two different security controls associated with the future application call, wherein at least one of the two different security controls are managed by each of the two or more control systems; receiving responses from the two or more control systems; and communicating information from the responses to an administrative system.

Plain English Translation

This invention relates to a method for enhancing security in application call processing by coordinating multiple disparate control systems. The problem addressed is the lack of centralized visibility and control over security measures managed by different systems, which can lead to gaps in security enforcement. The method involves transmitting instructions to two or more separate control systems to gather information about at least two distinct security controls associated with an upcoming application call. Each control system manages at least one of these security controls. The method then receives responses from these systems and communicates the collected information to an administrative system for centralized analysis and decision-making. This approach ensures that security controls from different systems are integrated and evaluated before the application call is executed, improving overall security posture. The method may also include validating the responses from the control systems to ensure accuracy and completeness before forwarding the information to the administrative system. This integration of disparate security controls allows for a more comprehensive and coordinated security assessment.

Claim 13

Original Legal Text

13. The method of claim 8, further comprising: initiating communication of information related to the assessment to one or more control owners associated with the one or more security controls.

Plain English Translation

This invention relates to cybersecurity risk assessment and control management. The problem addressed is the need for efficient communication of security control assessment results to relevant stakeholders, particularly control owners responsible for implementing and maintaining security measures. The method involves assessing the effectiveness of one or more security controls within a system or network. After evaluating these controls, the method automatically initiates communication of assessment-related information to the appropriate control owners. This ensures that those responsible for the controls receive timely feedback on their performance, enabling them to take corrective actions if necessary. The assessment may include evaluating whether the controls meet predefined security standards or compliance requirements. The communication step may involve sending alerts, reports, or notifications through various channels, such as email, messaging systems, or dashboards. The goal is to streamline the feedback loop between security assessors and control owners, improving overall security posture by ensuring prompt remediation of identified vulnerabilities. The method may also integrate with existing security management systems to automate the distribution of assessment results.

Claim 14

Original Legal Text

14. The method of claim 8, further comprising: in response to the assessment, automatically initiating remedial actions.

Plain English Translation

A system and method for automated assessment and remediation of technical issues in a computing environment. The technology addresses the problem of detecting and resolving performance or security vulnerabilities in real-time without manual intervention. The method involves monitoring system parameters, such as performance metrics or security indicators, to identify deviations from predefined thresholds or patterns. When an anomaly is detected, an automated assessment is performed to determine the root cause, which may include analyzing logs, system states, or external threat databases. Based on the assessment, the system automatically initiates remedial actions, such as applying patches, isolating affected components, or adjusting configurations. These actions are selected from a predefined set of solutions tailored to the identified issue. The system may also log the actions taken and their outcomes for future reference or auditing. The goal is to minimize downtime, enhance security, and improve system reliability by proactively addressing issues before they escalate. The method can be applied to various computing environments, including cloud-based systems, on-premises servers, or distributed networks.

Claim 15

Original Legal Text

15. A computer program product for monitoring usage of an application to identify characteristics and trigger security control, the computer program product comprising a non-transitory computer-readable medium comprising a set of code, that when executed by a processor cause the processor to: perform a query configured to identify any application calls performed in a predetermined period of time within the computing environment; for each identified application call, build a corresponding application characteristics entry in a database; for each identified application call, identify a plurality of characteristics of the called application; associate the identified plurality of characteristics of the called application with the application characteristics entry in the database, thereby creating an application mapping; identify one or more security controls associated with each of the applications in the application mapping; associate the identified one or more security controls with the associated application characteristics entry in the application mapping; and automatically trigger assessment of an effectiveness of the one or more security controls in response to identifying a future application call.

Plain English Translation

This invention relates to a system for monitoring application usage to identify security risks and trigger automated security assessments. The technology addresses the challenge of ensuring effective security controls are in place for applications running in a computing environment, particularly when application usage patterns change or new applications are introduced. The system operates by first querying the computing environment to detect any application calls made within a specified timeframe. For each detected application call, the system creates a corresponding entry in a database and extracts multiple characteristics of the called application, such as its name, version, permissions, or other attributes. These characteristics are then linked to the database entry, forming a mapping of applications and their properties. The system further identifies security controls associated with each application in the mapping, such as access restrictions, encryption requirements, or monitoring policies, and links these controls to the respective application entries. When a future application call is detected, the system automatically evaluates the effectiveness of the associated security controls. This ensures that security measures remain appropriate for the applications in use, reducing the risk of vulnerabilities or unauthorized access. The automated assessment helps maintain compliance and security without manual intervention.

Claim 16

Original Legal Text

16. The computer program product of claim 15, wherein the set of code further causes the processor to: periodically perform subsequent queries; and add an additional application characteristics entry in the application mapping of the database.

Plain English Translation

This invention relates to a system for dynamically updating an application mapping database to track changes in application characteristics over time. The system addresses the challenge of maintaining accurate and up-to-date information about software applications, which is critical for tasks such as software inventory management, compliance tracking, and security assessments. Traditional static databases often become outdated as applications evolve, leading to inaccuracies in reporting and decision-making. The system includes a processor executing a set of code instructions to periodically query application characteristics, such as version numbers, dependencies, or usage metrics. These queries are performed at predefined intervals to ensure the database remains current. Each query retrieves updated application characteristics, which are then stored as new entries in the application mapping database. This allows the system to maintain a historical record of changes, enabling trend analysis and proactive management of software assets. The database may also include metadata such as timestamps or query identifiers to track the source and timing of each update. By automating the collection and storage of application characteristics, the system reduces manual effort and minimizes errors associated with outdated or incomplete data. This dynamic approach ensures that stakeholders have access to real-time insights into application behavior, supporting better decision-making in IT operations and governance. The system is particularly useful in large-scale environments where applications frequently undergo updates or configuration changes.

Claim 17

Original Legal Text

17. The computer program product of claim 15, wherein the set of code further causes the processor to: automatically initiate a reporting transmission to one or more administrative systems, wherein the reporting transmission comprises information related to the assessment.

Plain English Translation

This invention relates to automated reporting systems for security or compliance assessments in computing environments. The problem addressed is the need for efficient and timely reporting of assessment results to administrative systems, ensuring proper oversight and response to identified issues. The invention involves a computer program product that includes a set of code instructions executable by a processor. The code performs an assessment of a computing system, such as evaluating security vulnerabilities, compliance status, or operational metrics. After completing the assessment, the system automatically initiates a reporting transmission to one or more administrative systems. This transmission includes detailed information about the assessment, such as identified vulnerabilities, compliance violations, or performance metrics. The reporting process is automated, reducing manual intervention and ensuring that administrative systems receive timely updates. The administrative systems may include monitoring platforms, security operations centers, or compliance management tools. The reporting transmission may be formatted in a standardized or customizable way to meet the requirements of the receiving systems. This ensures that the assessment data is actionable and can be integrated into broader security or compliance workflows. The invention improves efficiency by eliminating manual reporting steps and enhances security by ensuring rapid dissemination of critical assessment data.

Claim 18

Original Legal Text

18. The computer program product of claim 15, wherein the set of code further causes the processor to: initiate presentation of an administrative dashboard comprising: information related to the assessment access management controls; and exposure-application mapping information.

Plain English Translation

This invention relates to a computer program product for managing access to assessments and applications within an organization. The system addresses the challenge of securely controlling access to sensitive assessments and applications while providing administrators with visibility into access controls and application exposure. The computer program product includes a set of code that executes on a processor to manage assessment access and application exposure. It enforces access management controls to restrict unauthorized access to assessments and applications. The system also generates and maintains exposure-application mapping information, which tracks how different applications are exposed to potential risks or vulnerabilities. A key feature is the presentation of an administrative dashboard that consolidates critical information. The dashboard displays details about the assessment access management controls, allowing administrators to monitor and adjust permissions as needed. Additionally, the dashboard provides exposure-application mapping information, enabling administrators to understand the relationship between applications and their exposure levels. This helps in identifying high-risk applications and implementing appropriate security measures. The system enhances security by centralizing access control management and providing clear visibility into application exposure, reducing the risk of unauthorized access and data breaches. The dashboard serves as a unified interface for administrators to oversee and manage security policies effectively.

Claim 19

Original Legal Text

19. The computer program product of claim 15, wherein the set of code further causes the processor to: transmit instructions to two or more disparate control systems requesting information related to at least two different security controls associated with the future application call, wherein at least one of the two different security controls are managed by each of the two or more control systems; receive responses from the two or more control systems; and communicate information from the responses to an administrative system.

Plain English Translation

This invention relates to a computer program product for managing security controls in a distributed system. The problem addressed is the need to coordinate and verify multiple security controls across disparate control systems before allowing an application call to proceed. The invention provides a method to dynamically gather and consolidate security-related information from different control systems to ensure compliance before execution. The computer program product includes a set of code that, when executed by a processor, performs several functions. It transmits instructions to two or more separate control systems, requesting information about at least two different security controls associated with an upcoming application call. Each of these security controls is managed by a different control system. The program then receives responses from these control systems, which may include statuses, configurations, or other relevant data. Finally, the program communicates the consolidated information from these responses to an administrative system, which can use the data to make decisions about whether the application call should proceed. This approach ensures that security controls are properly enforced across multiple systems before an application call is executed, reducing the risk of unauthorized access or other security breaches. The invention improves upon prior systems by automating the collection and verification of security information from disparate sources, streamlining the approval process.

Claim 20

Original Legal Text

20. The computer program product of claim 15, wherein the set of code further causes the processor to: initiate communication of information related to the assessment to one or more control owners associated with the one or more security controls.

Plain English Translation

This invention relates to cybersecurity risk assessment and control management. The problem addressed is the need for efficient communication of security assessment results to relevant stakeholders, particularly control owners responsible for implementing and maintaining security controls. The invention provides a computer program product that automates the distribution of assessment-related information to the appropriate control owners, ensuring timely and targeted dissemination of critical security data. The system evaluates security controls within an organization, generates assessment results, and identifies the control owners associated with those controls. The program then initiates communication of the assessment information to the specified control owners, enabling them to take corrective actions or verify compliance. This automated process reduces manual effort, minimizes delays, and improves the overall effectiveness of security control management. The invention may also include additional features such as prioritizing assessments based on risk levels, tracking communication status, and integrating with existing security management systems. By streamlining the communication of assessment results, the invention enhances organizational security posture and ensures accountability for control owners.

Patent Metadata

Filing Date

Unknown

Publication Date

March 31, 2020

Inventors

Katherine McDonald
Nicolette Boyd

Citation & reuse

Analysis on this page is generated by Patentable — an AI-powered patent intelligence platform. AI-generated summaries, explanations, FAQs, and analysis may be reused with attribution and a visible link back to the canonical URL below. Patent abstracts and claims are USPTO public domain.

Cite as: Patentable. “MONITORING USAGE OF AN APPLICATION TO IDENTIFY CHARACTERISTICS AND TRIGGER SECURITY CONTROL” (10607021). https://patentable.app/patents/10607021
